I use win2003 IAS as RADIUS and authentication server
and setting up RADIUS authentication on oracle 10.2.0.2 installed on the same win2003 server.
server settings:
#server's sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (RADIUS)
TRACE_DIRECTORY_SERVER = c:\oracle\trace
TRACE_FILE_SERVER = server.trc
TRACE_LEVEL_SERVER = 16
SQLNET.RADIUS_AUTHENTICATION = 192.168.0.10
#server's listener.ora
LISTENER =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = sorc2003)(PORT = 1521))
)
client settings:
#client's sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (RADIUS)
NAMES.DIRECTORY_PATH= (TNSNAMES)
TRACE_DIRECTORY_CLIENT = C:\oracle\trace
TRACE_FILE_CLIRNT = client.trc
TRACE_LEVEL_CLIENT = 16
#client's tnsnames.ora
ORA10 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.0.10)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = ora10)
)
)
it works well with this configuration
C:\oracle\ora102\NETWORK\ADMIN>sqlplus test@ORA10
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Oct 19 20:23:45 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining options
and at this time I see successful authentication message in IAS log.
but with SQLNET.RADIUS_CHALLENGE_RESPONSE = ON in server's sqlnet.ora
it says ORA-12638
#server's sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (RADIUS)
TRACE_DIRECTORY_SERVER = c:\oracle\trace
TRACE_FILE_SERVER = server.trc
TRACE_LEVEL_SERVER = 16
SQLNET.RADIUS_AUTHENTICATION = 192.168.0.10
SQLNET.RADIUS_CHALLENGE_RESPONSE = ON
C:\oracle\ora102\NETWORK\ADMIN>sqlplus test@ORA10
SQL*Plus: Release 10.2.0.1.0 - Production on Fri Oct 19 20:14:35 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-12638: Credential retrieval failed
here is the part of client trace:
............
[19-OCT-2007 20:14:36:515] na_csrd: entry
[19-OCT-2007 20:14:36:515] nau_ccn: entry
[19-OCT-2007 20:14:36:515] naurget: entry
[19-OCT-2007 20:14:36:515] nacomrp: entry
[19-OCT-2007 20:14:36:515] nacomrp: exit
[19-OCT-2007 20:14:36:515] snaurj_init: entry
[19-OCT-2007 20:14:36:545] nam_gnsp: Reading parameter "sqlnet.radius_classpath" from parameter file
[19-OCT-2007 20:14:36:545] nam_gnsp: Parameter not found
[19-OCT-2007 20:14:36:545] nam_gnsp: Reading parameter "sqlnet.radius_authentication_interface" from parameter file
[19-OCT-2007 20:14:36:545] nam_gnsp: Parameter not found
[19-OCT-2007 20:14:36:545] snaurj_init: getJVM() failed.
[19-OCT-2007 20:14:36:545] snaurj_init: exit
[19-OCT-2007 20:14:36:545] naurget: snaurj_init() failed.
[19-OCT-2007 20:14:36:545] snaurj_close: entry
[19-OCT-2007 20:14:36:545] snaurj_close: exit
[19-OCT-2007 20:14:36:545] naurget: exit
[19-OCT-2007 20:14:36:545] nau_ccn: get credentials function failed
[19-OCT-2007 20:14:36:545] nau_ccn: failed with error 12638
[19-OCT-2007 20:14:36:545] nacomsd: entry
[19-OCT-2007 20:14:36:545] nacomfsd: entry
[19-OCT-2007 20:14:36:545] nacomfsd: exit
[19-OCT-2007 20:14:36:545] nacomsd: exit
[19-OCT-2007 20:14:36:545] nau_ccn: exit
[19-OCT-2007 20:14:36:545] na_csrd: failed with error 12638
[19-OCT-2007 20:14:36:545] na_csrd: exit
..............
It seems that something wrong with java on client-side. [19-OCT-2007 20:14:36:545] snaurj_init: getJVM() failed.
Can you help me to solve this issue?